W32dasm
1/1/2023

On our way back home from Black Hat Europe in Barcelona, Thomas and I were brainstorming about the most important changes to the field of binary code reverse engineering in the last 10 years. What has changed since then? What made the biggest impact? Remember: back in the dark days of 2000, W32Dasm and Turbo Debugger were considered good reverse engineering tools. If you had a self-written tracer that logged the execution of conditional jumps you were basically a king.

Anyway, we came up with several trends and technologies we believe have changed the job of reverse engineers tremendously since 2000. Here they are:

First introduced in IDA Pro 4.17 (June 2001), the ability to view disassembled assembly code in graph form made the job of reverse engineers much easier. In essence, using visual flow graphs during reverse engineering raises the level of abstraction and understanding of code while at the same time lowering the required time and effort one has to invest. Before we had graphs we had to reconstruct control-flow structures like loops and if-else statements from linearly listed assembly instructions. With visual flow graphs we can just look at the graph and understand the control flow pretty much immediately. In the following years other tools (such as BinNavi) were built around the idea of interacting with flowgraphs. Shortly thereafter, the graph engine of IDA Pro was improved (especially in IDA Pro 5.0, March 2006) to provide interactive graphing out of the box.

Back in 2000, most reverse engineering tools were primitive and barely extensible. For disassemblers your best bet was a clumsy IDC implementation in IDA Pro 4. For debuggers the situation looked even bleaker. This all changed with the growing popularity of the scripting language Python and SWIG, a technology which allows programs to easily add a Python interpreter and expose a Python-based API. The first major step forward I can remember was the creation of the IDAPython plugin for IDA Pro, which added a way to access the IDA API from Python (Gergely Erdelyi, 2004). Later we had tools like Pedram Amini's PyDbg or Ero Carrera's pefile that helped popularize the Python language in reverse engineering. Today, Python is the de facto scripting language of reverse engineering, and many tools from IDA Pro to ImmunityDebugger or BinNavi support Python scripting.

Even though the technology is not brand-new (the first publications describing 'Dynamo' go back to 2000), the widespread use of dynamic instrumentation tools like DynamoRIO and Pin for reverse engineering certainly is. Using these frameworks you can build very powerful dynamic analysis tools that allow the monitoring and manipulation of instruction streams in a very transparent and highly efficient way.
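The flow-graph point above, that a graph view spares the analyst the work of rebuilding loops and if/else structures from a linear listing, is exactly what a graph-capable disassembler does internally. The following is an added example written for this page; it is not code from the original post nor from IDA Pro or BinNavi. It recovers basic blocks, edges, loop bodies and if/else diamonds from a small constructed x86 listing. The listing, its addresses and all function names are assumptions made for this illustration, and only direct jumps to literal addresses are handled (no indirect jumps, calls or switch tables).

```python
# Added example (not from the original post): recovering a flow graph
# from a linear disassembly listing. Listing, addresses and helper names
# are assumptions made for this illustration.

# Constructed sample listing ("address  mnemonic  operands") of a counted
# loop whose body contains an if/else; the addresses are made up.
SAMPLE_LISTING = """\
00401000  xor    ecx, ecx
00401002  cmp    ecx, 0Ah
00401005  jge    00401020
00401007  test   ecx, 1
0040100D  jnz    00401015
0040100F  inc    edx
00401010  jmp    0040101A
00401015  dec    edx
0040101A  inc    ecx
0040101B  jmp    00401002
00401020  ret
"""
COND_JUMPS = {"jz", "jnz", "je", "jne", "jg", "jge", "jl", "jle", "ja", "jae",
              "jb", "jbe", "js", "jns", "jo", "jno", "jc", "jnc"}
UNCOND_JUMPS, RETURNS = {"jmp"}, {"ret", "retn"}

def parse_listing(text):
    """Turn the listing into (address, mnemonic, operands) tuples."""
    insns = []
    for line in filter(str.strip, text.splitlines()):
        addr, rest = line.split(None, 1)
        parts = rest.split(None, 1)
        insns.append((int(addr, 16), parts[0].lower(), parts[1].strip() if len(parts) > 1 else ""))
    return insns

def build_cfg(insns):
    """Return (blocks, edges): leader -> instruction addresses, leader -> sorted successor leaders."""
    addrs = [a for a, _, _ in insns]
    by_addr = {a: (m, o) for a, m, o in insns}
    # Leaders: the first instruction, every jump target, and every
    # instruction that directly follows a jump or a return.
    leaders = {addrs[0]}
    for i, (_, mnem, ops) in enumerate(insns):
        if mnem in COND_JUMPS | UNCOND_JUMPS:
            leaders.add(int(ops, 16))
        if mnem in COND_JUMPS | UNCOND_JUMPS | RETURNS and i + 1 < len(addrs):
            leaders.add(addrs[i + 1])
    blocks = {}
    for addr in addrs:
        if addr in leaders:
            current = addr
            blocks[current] = []
        blocks[current].append(addr)
    # Successors follow from each block's last instruction: conditional jump =
    # target plus fall-through, unconditional jump = target only, return = none,
    # anything else = fall-through into the next block in address order.
    ordered, edges = sorted(blocks), {}
    for idx, leader in enumerate(ordered):
        mnem, ops = by_addr[blocks[leader][-1]]
        fallthrough = ordered[idx + 1:idx + 2]
        if mnem in COND_JUMPS:
            succ = [int(ops, 16)] + fallthrough
        elif mnem in UNCOND_JUMPS:
            succ = [int(ops, 16)]
        else:
            succ = [] if mnem in RETURNS else fallthrough
        edges[leader] = sorted(set(succ))
    return blocks, edges

def find_back_edges(edges, entry):
    """DFS from entry; an edge to a block still on the DFS path closes a loop."""
    state, back = {}, []
    def visit(node):
        state[node] = "open"
        for succ in edges.get(node, []):
            if state.get(succ) == "open":
                back.append((node, succ))
            elif succ not in state:
                visit(succ)
        state[node] = "done"
    visit(entry)
    return sorted(back)

def natural_loop(edges, tail, header):
    """Body of the loop closed by tail->header: all blocks reaching tail without passing header."""
    preds = {}
    for src, succs in edges.items():
        for dst in succs:
            preds.setdefault(dst, []).append(src)
    body, work = {header, tail}, [tail]
    while work:
        for pred in preds.get(work.pop(), []):
            if pred not in body:
                body.add(pred)
                work.append(pred)
    return sorted(body)

def find_diamonds(edges):
    """If/else shapes: a two-way split whose arms both flow into the same join block."""
    found = []
    for head, succs in edges.items():
        if len(succs) == 2:
            arms = [edges.get(s, []) for s in succs]
            if arms[0] == arms[1] and len(arms[0]) == 1:
                found.append((head, tuple(succs), arms[0][0]))
    return sorted(found)

if __name__ == "__main__":
    blocks, edges = build_cfg(parse_listing(SAMPLE_LISTING))
    print({f"{k:08X}": [f"{s:08X}" for s in v] for k, v in edges.items()})
    print(find_back_edges(edges, min(blocks)), find_diamonds(edges))
```

On the sample listing this yields seven blocks, one back edge from the block at 0040101A to the header at 00401002 (the counted loop, whose body is the five blocks between them), and one diamond headed by the block at 00401007 whose arms rejoin at 0040101A (the if/else inside the loop). Doing that by hand is what the text describes as the pre-graph routine; the graph view shows the same shapes at a glance.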